T1SP: Episode 23

[ Subscribe to the Podcast: iTunes | Android ]

News

  • [ ] Juniper backdoor; could have been found with diff; signs point to NSA

  • [ ] RCE on FireEye appliances

  • [ ] Hyatt got hacked; malware on POS

  • [ ] 45K drones registered with FAA within 2 days

  • [ ] Industry moving towards password-free logins; still single factor, now the factor is your device; although access to device could require factors

  • [ ] Microsoft will now tell you if your account has been targeted by government authorities

  • [ ] Tor announced it’s doing a bug bounty, looks like it’ll be internal

  • [ ] Steam had a DoS that revealed 34K user details

  • [ ] Linode has been suffering a massive DDoS on its datacenters, DNS infrastructure

  • [ ] Spy files found in North Korea’s Operating System

Ideas, updates, and discussion

  • [ ] 3 things you should do every January

  • [ ] Web Scanner Series: Burp vs. Netsparker

  • [ ] When you’re interviewing, make sure you make it clear that you’re the asset too, not just them

  • [ ] Failing at the basics in intelligence and infosec

  • [ ] Why Trump is Winning

  • [ ] Sensitive data sent in URL over HTTPS

  • [ ] Difference between correlation and causation

  • [ ] Paul Graham’s REFRAGMENTATION post

  • [ ] The relationship between Relaxation, Fun, and Performance

  • [ ] Michael Coates makes the argument that false negatives are way better than false positives because false positives create unnecessary work for his team

  • [ ] Brainstorm questions, not solutions

Tools and projects

  • [ ] BLUTO

  • [ ] Serpico

  • [ ] Firmware Extraction from Craig Smith

  • [ ] Vulnerability Database Resources

  • [ ] IoT Attack Surfaces Project

  • [ ] RobotsDisallowed Project

  • [ ] Nowhere.net (CyberPunk)

  • [ ] EyeWitness

  • [ ] REST Security Cheat Sheet

  • [ ] Censys.io

  • [ ] GithubDorks

  • [ ] InstaRecon (DNS lookups, whois, shodan, google dorks, etc)

  • [ ] twofactorauth.org

Announcements

  • [ ] Speaking at OWASP Cali end of January

  • [ ] Currently working on an ICS / SCADA primer

Miscellaneous

  • [ ] Need to check out the Benedict Evans blog

  • [ ] Serial Podcast / Making a Murderer on Netflix

  • [ ] If you know any Army veterans who are getting out and want to get into InfoSec, let me know

  • [ ] Twitter account: CISSP Googling

  • [ ] Sam Altman (Startup Playbook)

Notes

  1. The intro track is from one of my favorite EDM artists: Zomby. The song is ‘Orion’, and it’s from the ‘With Love’ album. Highly recommended if you like chill EDM.
